diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
new file mode 100644
index 0000000..3dc0365
--- /dev/null
+++ b/.github/workflows/auto-merge.yml
@@ -0,0 +1,106 @@
+name: Auto approve & merge Dependabot PRs
+
+on:
+ workflow_run:
+ workflows: ["Github Testing"]
+ types: [completed]
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ auto-approve-merge:
+ runs-on: ubuntu-latest
+ if: github.event.workflow_run.conclusion == 'success' && github.repository == 'internetee/e_invoice'
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v5
+
+ - name: Install GitHub CLI
+ run: |
+ curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
+ sudo apt update
+ sudo apt install gh
+
+ - name: Check if PR exists and is from Dependabot
+ id: check_pr
+ run: |
+ if [ -z "${{ github.event.workflow_run.pull_requests[0].number }}" ]; then
+ echo "No PR found for this workflow run – skipping job"
+ echo "auto_merge=false" >> $GITHUB_OUTPUT
+ exit 0
+ fi
+
+ PR_NUMBER=${{ github.event.workflow_run.pull_requests[0].number }}
+ PR_AUTHOR=$(gh pr view $PR_NUMBER --json author --jq '.author.login')
+ BASE_BRANCH=$(gh pr view $PR_NUMBER --json baseRefName --jq '.baseRefName')
+
+ echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT
+ echo "base_branch=$BASE_BRANCH" >> $GITHUB_OUTPUT
+ echo "pr_author=$PR_AUTHOR" >> $GITHUB_OUTPUT
+
+ if [[ "$PR_AUTHOR" != "dependabot[bot]" ]]; then
+ echo "PR is not from Dependabot – skipping merge"
+ echo "auto_merge=false" >> $GITHUB_OUTPUT
+ exit 0
+ fi
+
+ if [[ "$BASE_BRANCH" != "master" ]]; then
+ echo "PR is not targeting master – skipping merge"
+ echo "auto_merge=false" >> $GITHUB_OUTPUT
+ exit 0
+ fi
+
+ echo "auto_merge=true" >> $GITHUB_OUTPUT
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Fetch Dependabot metadata
+ if: steps.check_pr.outputs.auto_merge == 'true'
+
+ id: metadata
+ uses: dependabot/fetch-metadata@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ pull-request-number: ${{ steps.check_pr.outputs.pr_number }}
+
+ - name: Check if PR should be auto-merged (patch only)
+ id: check_patch
+ if: steps.check_pr.outputs.auto_merge == 'true'
+ run: |
+ if [[ "${{ steps.metadata.outputs.update-type }}" == "version-update:semver-patch" ]]; then
+ echo "auto_merge=true" >> $GITHUB_OUTPUT
+ echo "Dependabot patch update detected – will merge"
+ else
+ echo "auto_merge=false" >> $GITHUB_OUTPUT
+ echo "Dependabot non-patch update – skipping merge"
+ fi
+ shell: bash
+
+ - name: Auto approve PR
+ if: steps.check_patch.outputs.auto_merge == 'true'
+ uses: hmarr/auto-approve-action@v3
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Auto-merge PR
+ if: steps.check_patch.outputs.auto_merge == 'true'
+ run: |
+ echo "Attempting to auto-merge PR #${{ steps.check_pr.outputs.pr_number }}"
+ gh pr merge --auto --merge ${{ steps.check_pr.outputs.pr_number }} || {
+ echo "Auto-merge failed, but continuing..."
+ exit 0
+ }
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Send Mattermost notification
+ if: steps.check_patch.outputs.auto_merge == 'true'
+ run: |
+ TIMESTAMP=$(date -u +"%Y-%m-%d %H:%M UTC")
+ curl -X POST -H "Authorization: Bearer ${{ secrets.MATTERMOST_BOT_TOKEN }}" \
+ -H "Content-Type: application/json" \
+ -d "{\"channel_id\":\"${{ secrets.MATTERMOST_CHANNEL_ID }}\",\"message\":\"[${{ github.repository }}] PR #${{ steps.check_pr.outputs.pr_number }}: \\\"${{ github.event.workflow_run.pull_requests[0].title }}\\\" was auto-merged by ${{ steps.check_pr.outputs.pr_author }}.\nUpdate type: ${{ steps.metadata.outputs.update-type || 'patch' }}\nMerged at: $TIMESTAMP\nLink: https://github.com/${{ github.repository }}/pull/${{ steps.check_pr.outputs.pr_number }}\"}" \
+ https://mattermost.example.com/api/v4/posts
+
\ No newline at end of file
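Review bot: The `Send Mattermost notification` step expands `${{ github.event.workflow_run.pull_requests[0].title }}` and both Mattermost secrets directly into the `run:` script, so the PR title is parsed as shell source (inside double quotes, where command substitution still runs) in a job that holds `contents: write` and `pull-requests: write`. The Dependabot author check in `check_pr` narrows who can reach this step, but the title is still text the workflow does not control, and the hand-built JSON breaks on any quote or backslash in it. Passing the values through `env:` and letting `jq` build the payload removes both problems; the same `env:` treatment would suit the `${{ … }}` expansions in the `check_pr`, `check_patch` and merge steps. Separately, `dependabot/fetch-metadata@v1` and `hmarr/auto-approve-action@v3` are mutable tags that receive the write-scoped token, so pinning them to a full commit SHA is worth considering.

```yaml
      - name: Send Mattermost notification
        if: steps.check_patch.outputs.auto_merge == 'true'
        env:
          MATTERMOST_BOT_TOKEN: ${{ secrets.MATTERMOST_BOT_TOKEN }}
          MATTERMOST_CHANNEL_ID: ${{ secrets.MATTERMOST_CHANNEL_ID }}
          REPO: ${{ github.repository }}
          PR_NUMBER: ${{ steps.check_pr.outputs.pr_number }}
          PR_TITLE: ${{ github.event.workflow_run.pull_requests[0].title }}
          PR_AUTHOR: ${{ steps.check_pr.outputs.pr_author }}
          UPDATE_TYPE: ${{ steps.metadata.outputs.update-type || 'patch' }}
        run: |
          TIMESTAMP=$(date -u +"%Y-%m-%d %H:%M UTC")
          MESSAGE=$(printf '[%s] PR #%s: "%s" was auto-merged by %s.\nUpdate type: %s\nMerged at: %s\nLink: https://github.com/%s/pull/%s' \
            "$REPO" "$PR_NUMBER" "$PR_TITLE" "$PR_AUTHOR" "$UPDATE_TYPE" "$TIMESTAMP" "$REPO" "$PR_NUMBER")
          # jq does the JSON escaping; event text reaches the shell only as variable values.
          jq -n --arg channel_id "$MATTERMOST_CHANNEL_ID" --arg message "$MESSAGE" \
            '{channel_id: $channel_id, message: $message}' |
            curl -X POST -H "Authorization: Bearer $MATTERMOST_BOT_TOKEN" \
              -H "Content-Type: application/json" \
              -d @- \
              https://mattermost.example.com/api/v4/posts
```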